Amendments to the Claims:

This listing of claims will replace all prior versions, and listings, of claims in the 
application. 

Listing of Claims:

1. (Currently Amended) A method of enabling at least one pervasive device to 
retrieve at least one authentication token from at least one personal authentication 
gateway, the at least one pervasive device comprising at least one automatic token client 
application and the at least one personal authentication gateway comprising at least one
token server application, said method comprising the steps of: 

ascertaining at least one personal authentication gateway from the at least one 
pervasive device by broadcasting a pervasive authentication domain discovery request 
message and receiving at least one discovery response message from the at least one 
personal authentication gateway;

sending at least one token request from the at least one pervasive device to the at 
least one personal authentication gateway; and, 

receiving a token response at the pervasive device from the at least one personal 
authentication gateway only if the at least one pervasive device is authorized, the at least 
one pervasive device being authorized by the steps comprising: 

registering the at least one pervasive device as a member of a pervasive
authentication domain; and

ascertaining if the at least one pervasive device is within a given distance
of the gateway as measured by signal strength of wireless communication,
wherein said gateway is integrated on a combined pervasive device.

2. (Cancelled) The method according to claim 1, wherein said ascertaining step 
comprises broadcasting a pervasive authentication domain discovery request message and 
receiving at least one discovery response message from the at least one personal 
authentication gateway. 

3. (Original) The method according to claim 1, wherein said ascertaining step 
comprises looking up a personal authentication gateway address in configuration settings. 

4. (Original) The method according to claim 1, wherein the at least one token 
request comprises a pervasive device identification, a message type, and a protection 
arrangement for fields of the at least one token request, the protection arrangement being 
adapted to ensure integrity and confidentiality. 

5. (Original) The method according to claim 1, wherein said receiving step 
comprises storing received credentials for use by other applications. 

6. (Cancelled) The method according to claim 1, further comprising the step
of registering a pervasive device to be a member of a pervasive authentication domain by 
registering with a personal authentication gateway. 

7. (Currently Amended) A method of enabling at least one personal 
authentication gateway to distribute at least one authentication token to at least one 
authorized pervasive device, the at least one personal authentication gateway comprising 
at least one token server and the at least one pervasive device comprising at least one
automatic token client, said method comprising the steps of: 

receiving at least one token request from at least one pervasive device on at least 
one personal authentication gateway, wherein the at least one pervasive device broadcasts
a pervasive authentication domain discovery request message to the at least one personal
authentication gateway;

determining whether the at least one pervasive device is authorized to receive 
authentication tokens, wherein said determining step comprises: 

ascertaining if the at least one pervasive device has been registered as a 
member of the pervasive authentication domain; and

ascertaining whether the at least one pervasive device is within a given 
distance of the gateway as measured by signal strength of wireless 
communication, wherein said gateway is integrated on a combined pervasive 
device; and 

sending at least one token response to the at least one pervasive device from the at 
least one personal authentication gateway, wherein said sending step comprises the at
least one personal authentication gateway responding to a pervasive authentication
domain discovery message from the at least one pervasive device.

8. (Cancelled) The method according to claim 7 4 wherein said sending step 
comprises the at least one personal authentication gateway responding to a pervasive 
authentication domain discovery message from the at least one pervasive device. 

9. (Cancelled) The method according to claim 8; wherein: said at least one
personal authentication gateway has a pervasive authentication domain; sending step 
comprises sending the at least one token response only if the pervasive device 
identification for the pervasive authentication domain discovery message is a member of 
the pervasive authentication domain of the at least one personal authentication gateway. 

10. (Original) The method according to claim 7, wherein said receiving step 
comprises: determining the pervasive device identification of the at least one token 
request; deriving at least one pervasive authentication domain for the at least one 
pervasive device; and retrieving at least one authentication token for the pervasive 
device. 

11. (Original) The method according to claim 7, wherein the at least one token 
response sent comprises of a pervasive device identification, the message type, 
authentication tokens, and a protection arrangement for fields of the at least one token 
response, the protection arrangement being adapted to ensure integrity and 
confidentiality. 

12. (Cancelled) The method according to claim 7, further comprising the step
of registering a pervasive device to be a member of a pervasive authentication domain by 
registering with a personal authentication gateway. 

13. (Currently Amended) The method according to claim 43 2, wherein said 
registering step comprises: entering the same random password on the pervasive device 
and the personal authentication gateway; generating on the personal authentication 
gateway an encryption key, Slave_ID_Secret, which is encrypted by the random
password; transferring the protected key to the pervasive device and computing a
fingerprint of the protected key on the personal authentication gateway; and comparing 
the fingerprint of the received and decrypted protected key on the pervasive device. 

14. (Original) The method according to claim 13, wherein the encryption key, 
Slave_ID_Secret, is used as a protection arrangement for token requests and token
responses. 

15. (Cancelled) The method according to claim 10, wherein said determining step 
comprises validating that the at least one pervasive device has been registered for the at 
least one pervasive authentication domain. 

16. (Cancelled) The method according to claim 10, wherein said determining step 
comprises ascertaining whether the at least one pervasive device is within a given 
distance of the at least one personal authentication gateway. 

17. (Original) The method according to claim 10, wherein said determining step 
comprises ascertaining whether the at least one pervasive device has recently made a 
previous request.

18. (Original) The method according to claim 10, wherein said determining step 
comprises ascertaining whether the at least one pervasive device has not sent a message 
indicating that the at least one pervasive device is no longer to be trusted. 

19. (Currently Amended) An apparatus for enabling at least one pervasive 
device to retrieve at least one authentication token from at least one personal 
authentication gateway, said apparatus comprising: 

a discoverer which finds at least one personal authentication gateway capable of
responding to token requests; 

a token requestor which sends at least one requests request for at least one token
required by the at least one pervasive device; and 

a token responder which accepts at least one token requests request and sends at
least one token response with at least one authentication token to the at least one 
authorized pervasive device only if the at least one pervasive device is authorized, the at 
least one pervasive device being authorized by the steps comprising: 

registering the at least one pervasive device as a member of a pervasive 
authentication domain; and

ascertaining if the at least one pervasive device is within a given distance 
of the gateway as measured by signal strength of wireless communication, 
wherein said gateway is integrated on a combined pervasive device. 

20. (Original) The apparatus according to claim 19, wherein the at least one 
token request comprises a pervasive device identification, the message type, at least one 
authentication token, and a protection arrangement for fields of the at least one token 
request, the protection arrangement being adapted to ensure integrity and confidentiality. 

21. (Original) The apparatus according to claim 20, wherein said protection 
arrangement comprises Triple-DES encryption using a long key. 

22. (Original) The apparatus according to claim 21, wherein said long key is a
secure hash comprised of a master secret known only to the personal authentication 
gateway, a pervasive device identification, and a pervasive authentication domain 
identification. 

23. (Original) The apparatus according to claim 21, wherein said long key is
distributed to the at least one pervasive device during registration. 

24. (Currently Amended) An apparatus comprising means for enabling at least 
one personal authentication gateway to distribute authentication tokens to at least one 
authorized pervasive device, said apparatus comprising: 

means for registering at least one pervasive device for membership in a pervasive 
authentication domain; and

means for receiving a token request from at least one pervasive device, wherein
the at least one pervasive device broadcasts a pervasive authentication domain discovery
request message to the at least one personal authentication gateway;

means for determining whether the at least one pervasive device is authorized to 
receive authentication tokens, wherein said determining step comprises:

ascertaining if the at least one pervasive device has been registered as a
member of the pervasive authentication domain; and

ascertaining whether the at least one pervasive device is within a given
distance of the gateway as measured by signal strength of wireless
communication, wherein said gateway is integrated on a combined pervasive
device; and

means for sending at least one token response to the at least one pervasive device 
from the at least one personal authentication gateway. 

25. (Currently Amended) A program storage device readable by machine, 
tangibly embodying a program of instructions executable by the machine to perform 
method steps for enabling at least one pervasive device to retrieve at least one 
authentication token from at least one personal authentication gateway, the at least one 
pervasive device comprising at least one automatic token client application and the at 
least one personal authentication gateway comprising at least one token server 
application, said method comprising the steps of: 

ascertaining at least one personal authentication gateway from the at least one 
pervasive device by broadcasting a pervasive authentication domain discovery request
message and receiving at least one discovery response message from at least one personal 
authentication gateway; 

sending at least one token request from the at least one pervasive device to the at 
least one personal authentication gateway; and, 

receiving a token response at the pervasive device from the at least one personal 
authentication gateway only if the at least one pervasive device is authorized, the at least 
one pervasive device being authorized by the steps comprising:

registering the at least one pervasive device as a member of a pervasive
authentication domain; and

ascertaining if the at least one pervasive device is within a given distance
of the gateway as measured by signal strength of wireless communication,
wherein said gateway is integrated on a combined pervasive device.

26. (Currently Amended) A program storage device readable by machine, 
tangibly embodying a program of instructions executable by the machine to perform 
method steps enabling at least one personal authentication gateway to distribute 
authentication tokens to at least one authorized pervasive device, the at least one personal 
authentication gateway comprising at least one token server and the at least one pervasive 
device comprising at least one automatic token client, said method comprising the steps 
of: 

receiving at least one token request from at least one pervasive device on at least 
one personal authentication gateway, wherein the at least one pervasive device broadcasts
a pervasive authentication domain discovery request message to the at least one personal
authentication gateway;

determining whether the at least one pervasive device is authorized to receive 
authentication tokens, wherein said determining step comprises: 

ascertaining if the at least one pervasive device has been registered as a 
member of the pervasive authentication domain; and

ascertaining whether the at least one pervasive device is within a given
distance of the gateway as measured by signal strength of wireless
communication, wherein said gateway is integrated on a combined pervasive
device; and

sending at least one token response to the at least one pervasive device from the at 
least one personal authentication gateway. 

27. (Currently Amended) An article of manufacture comprising a computer
usable medium having computer readable program code means embodied therein for 
causing a computer to effect a method of enabling at least one pervasive device to 
retrieve at least one authentication token from at least one personal authentication 
gateway, the at least one pervasive device comprising at least one automatic token client 
application and the at least one personal authentication gateway comprising at least one 
token server application, said method comprising the steps of: 

ascertaining at least one personal authentication gateway from the at least one 
pervasive device by broadcasting a pervasive authentication domain discovery request 
message and receiving at least one discovery response message from at least one personal 
authentication gateway;

sending at least one token request from the at least one pervasive device to the at
least one personal authentication gateway, the at least one pervasive device having an
automatic token client; and,

receiving a token response at the pervasive device from the at least one personal
authentication gateway only if the at least one pervasive device is authorized, the at least 
one pervasive device being authorized by the steps comprising: 

registering the at least one pervasive device as a member of a pervasive 
authentication domain; and 

ascertaining if the at least one pervasive device is within a given distance
of the gateway as measured by signal strength of wireless communication, 
wherein said gateway is integrated on a combined pervasive device. 

28. (Currently Amended) An article of manufacture comprising a computer
usable medium having computer readable program code means embodied therein for 
causing a computer to effect a method of enabling at least one personal authentication 
gateway to distribute at least one authentication token to at least one authorized pervasive 
device, the at least one personal authentication gateway comprising at least one token 
server and the at least one pervasive device comprising at least one automatic token 
client, said method comprising the steps of: 

receiving at least one token request from at least one pervasive device on 
at least one personal authentication gateway, wherein the at least one pervasive
device broadcasts a pervasive authentication domain discovery request message to
the at least one personal authentication gateway;

determining whether the at least one pervasive device is authorized to 
receive authentication tokens, wherein said determining step comprises: 

ascertaining if the at least one pervasive device has been registered
as a member of the pervasive authentication domain; and 

ascertaining whether the at least one pervasive device is within a 
given distance of the gateway as measured by signal strength of wireless
communication, wherein said gateway is integrated on a combined 
pervasive device; and 

sending at least one token response to the at least one pervasive device from at 
least one personal authentication gateway. 

29. (Currently Amended) A computer program product comprising a computer 
usable medium having computer readable program code means embodied therein for 
causing enablement of at least one pervasive device to obtain authentication tokens from 
at least one personal authentication gateway, the computer readable program code means 
in said computer program product comprising computer readable program code means 
for causing a computer to effect an apparatus for enabling of at least one pervasive device 
to retrieve at least one authentication token from at least one personal authentication 
gateway, said apparatus comprising: 

a discoverer which finds at least one personal authentication gateway capable of 
responding to token requests, wherein at least one pervasive device broadcasts a pervasive
authentication domain discovery request message to the at least one personal
authentication gateway;




Atty. Docket No. YOR200305 1 8US 1 

(590.122) 

a token requestor which sends at least one requests request for at least one token
required by the at least one pervasive device; and

a token responder which accepts at least one token requests request and sends at
least one token response with at least one authentication token to the at least one 
authorized pervasive device only if the at least one pervasive device is authorized, the at 
least one pervasive device being authorized by the steps comprising: 

registering the at least one pervasive device as a member of a pervasive 
authentication domain; and 

ascertaining if the at least one pervasive device is within a given distance 
of the gateway as measured by signal strength of wireless communication, 
wherein said gateway is integrated on a combined pervasive device.